Introduction to Vault
The Butter Card Vault solution is designed to streamline and secure the card data handling process for merchants during checkout flows. The key component of our system is the integration of secure elements into your checkout pages. These elements, which are essentially an embedded iframe, ensures that sensitive card information is never processed or stored on your systems, maintaining PCI DSS compliance and reducing your liability.
Our elements can be easily integrated into your checkout flow, are compatible with popular frontend frameworks like React, and are fully customizable from a UI perspective. We also offer native JavaScript implementations that can be tailored to work with any other frontend frameworks.
In addition to elements, we also offer direct API access for merchants requiring integrations with mobile applications or backend requirements. Interacting directly with our vaulting API will require providing PCI DSS AOC documentation. Please reach out if this is a requirement for your integration.
Encrypted Card Storage: Each card is encrypted within a dedicated merchant container vault, ensuring that sensitive information is securely compartmentalized. Additionally, we utilize UUIDs to reference encrypted cards, minimizing any potential risk exposure.
PCI-DSS Compliance: Our encryption methods adhere to the highest standards set by the Payment Card Industry Data Security Standard (PCI-DSS). This includes utilizing envelope encryption with AES256-GCM, ensuring robust protection of card data.
Restricted Employee Access: Our system is designed to restrict direct access to underlying credit card information. Butter employees do not have the capability to view or access raw card data, aligning with strict PCI-DSS compliance requirements.
Restricted Data Transmission: Transmitting raw card data outside of our vault requires stringent endpoint whitelisting, with validation of PCI certification. Currently, this access is restricted to select major payment service providers like Stripe, Braintree, Worldpay, etc.
Certification and Scrutiny: Our solution undergoes rigorous examination by independent certification organizations to validate its security and compliance with PCI-DSS standards. This ensures that our system remains robust and resilient against potential threats.
Directly interacting with the Butter Card Vault API requires certification of PCI compliance.